[COMPANY_NAME] ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform and services (the "Service").
Contact Information
For any privacy-related questions or requests, please contact us at: [CONTACT_EMAIL]
1. Information We Collect
1.1 Information You Provide
When you register for and use our Service, we collect information that you provide directly to us:
- Account Information: Name, email address, and password (stored only in hashed form, never in plaintext)
- Profile Information: Optional information you choose to add to your profile
- Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
- Communications: Information you provide when contacting customer support or subscribing to our newsletter
- User Content: Any data, files, or content you upload or create using our Service
1.2 Information Automatically Collected
When you access our Service, we automatically collect certain information:
- Device Information: IP address, browser type, device type, operating system
- Usage Data: Pages viewed, features used, time spent, click data, and navigation patterns
- Authentication Data: Session tokens and authentication status via Auth.js
- Performance Metrics: Error logs and performance monitoring data
1.3 Third-Party Authentication
When you sign in using Google OAuth, we receive basic profile information (name, email, profile picture) from Google in accordance with their privacy policies. Google authenticates you and issues us an access token; we never receive or store your Google password.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service Provision: To provide, maintain, and improve our Service
- Account Management: To create and manage your account, authenticate your identity
- Billing and Payments: To process transactions and send billing-related communications
- Communications: To send you technical notices, updates, security alerts, and support messages
- Marketing: To send promotional communications (with your consent, and you may opt out at any time)
- Analytics: To understand how users interact with our Service and improve user experience
- Security: To detect, prevent, and address fraud, security issues, and technical problems
- Legal Compliance: To comply with legal obligations and enforce our Terms of Service
3. Third-Party Services
We use the following third-party service providers to operate our Service:
Stripe (Payment Processing)
We use Stripe for payment processing. Stripe collects and processes your payment information in accordance with PCI-DSS standards.
View Stripe Privacy Policy →
Google OAuth (Authentication)
When you sign in with Google, Google provides us with your basic profile information. Google's use of information is governed by their privacy policy.
View Google Privacy Policy →
Resend (Email Delivery)
We use Resend to send transactional emails (magic links, receipts, notifications) and marketing emails (newsletter, if you subscribe).
View Resend Privacy Policy →
PostgreSQL Database Hosting
Your data is stored in a PostgreSQL database. We use industry-standard security measures to protect your data at rest and in transit.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to provide and improve our Service:
4.1 Essential Cookies
These cookies are necessary for the Service to function and cannot be disabled:
- Authentication Cookies: To keep you logged in and maintain your session (Auth.js)
- Security Cookies: To prevent cross-site request forgery (CSRF) attacks
- Preference Cookies: To remember your theme (dark/light mode) and language preferences
4.2 Analytics Cookies
We may use analytics services to understand how users interact with our Service. You can opt out of analytics tracking through your browser settings or third-party tools.
4.3 Managing Cookies
Most web browsers allow you to control cookies through their settings. However, disabling essential cookies may prevent you from using certain features of our Service.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- Service Providers: With third-party vendors who perform services on our behalf (payment processing, email delivery, hosting)
- Legal Requirements: When required by law, subpoena, or other legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
- Protection of Rights: To protect our rights, property, safety, or that of our users or the public
- With Your Consent: When you explicitly authorize us to share your information
6. Your Data Protection Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 GDPR Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have the following rights under GDPR:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request restriction of processing of your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing of your data for certain purposes
- Right to Withdraw Consent: Withdraw consent at any time (without affecting lawfulness of prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
6.2 CCPA/CPRA Rights (California Users)
If you are a California resident, you have the following rights under CCPA/CPRA:
- Right to Know: Request disclosure of personal information collected, used, or sold
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information)
- Right to Correct: Request correction of inaccurate personal information
- Right to Non-Discrimination: Exercise your rights without discriminatory treatment
6.3 Exercising Your Rights
To exercise any of these rights, please contact us at [CONTACT_EMAIL]. We will respond to your request within 30 days (or as required by applicable law). You may also manage certain information directly through your account settings.
7. Data Retention
We retain your personal information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
- Account Data: Retained while your account is active and for a reasonable period thereafter for legal and business purposes
- Transaction Records: Retained for at least 7 years for tax and accounting purposes
- Marketing Data: Retained until you unsubscribe or request deletion
- Usage Data: Typically retained for up to 24 months for analytics purposes
When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: Data is encrypted in transit using TLS and at rest using industry-standard encryption
- Authentication: Secure authentication using Auth.js with session management
- Access Controls: Limited access to personal data on a need-to-know basis
- Regular Security Audits: We conduct regular security assessments and vulnerability testing
- Secure Payment Processing: PCI-DSS compliant payment processing through Stripe
While we strive to protect your information, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability in our Service, please report it to us immediately at [CONTACT_EMAIL].
9. Newsletter and Marketing Communications
If you subscribe to our newsletter or opt-in to marketing communications:
- We will send you product updates, feature announcements, and promotional content
- Your email address is stored securely and used only for the stated purposes
- We use Resend for email delivery, which may track email opens and clicks for analytics
- You can unsubscribe at any time using the link in any marketing email
- Unsubscribing from marketing emails will not affect transactional emails (receipts, security alerts)
We comply with CAN-SPAM Act (US), CASL (Canada), and GDPR marketing consent requirements.
10. Children's Privacy
Our Service is not intended for children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [CONTACT_EMAIL], and we will take steps to delete such information.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.
When we transfer data from the EU/EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on this page with a new "Last Updated" date
- Sending you an email notification (for material changes)
- Displaying a prominent notice on our Service
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
[COMPANY_NAME]
Email: [CONTACT_EMAIL]
Data Protection Officer: [CONTACT_EMAIL]
We will respond to all requests within 30 days, or sooner where applicable data protection law requires a shorter period.
Disclaimer: This Privacy Policy is a template for informational purposes and may need to be customized for your specific business practices and legal requirements. Consult with a qualified attorney to ensure compliance with all applicable privacy laws and regulations in your jurisdiction.